Is Your Antivirus Software Really Worth the Investment?

Is your organization's sizable investment in deploying and upgrading network antivirus solutions really worth the cost? According to a study released in December, commercial antivirus products may not be any more effective at defending against malware than many of the freeware solutions available today, and in some cases were actually performed by the no-cost options.

Security provider Imperva, working with researchers from the Technion-Israel Institute of Technology, collected and tested more than 80 malware variants against a selection of 40 products in the marketplace, and found that detection rates for many malicious code samples were as low as 5%, according to the Assessing the Effectiveness of Antivirus Solutionsreport.

"Enterprise security has drawn an imaginary line with its antivirus solutions, but the reality is that every single newly created virus may subvert these solutions. We do not believe that enterprises are achieving the value of the investment of billions of dollars in anti-virus solutions," said Imperva CTO Amichai Shulman.

The study found that some of the leading commercial solutions offered by antivirus software giants Symantec, McAfee and Kaspersky were in some cases surpassed by no-cost packages offered by companies such as Avast and Emsisoft, though they noted that the freeware options did produce higher than average false-positives.

In many cases, it took antivirus products as long as four weeks to update software to counter newly discovered malware signatures, and malicious code that was seen to be distributed at a slower rate significantly increased the period between propagation and detection, making highly targeted infection campaigns all that more difficult to defend against.

The crux of the report's conclusions comes down to whether or not organizations - and consumers for that matter - are realizing a reasonable return on investment considering that the overall outlay for antivirus products represents more than 30% of the expenditures made for security-related software solutions annually.

"In 2011, Gartner reported that consumers spent $4.5 billion on antivirus, while enterprises spent $2.9 billion, a total of $7.4 billion. This represents more than a third of the total of $17.7 billion spent on security software. We believe both consumers and enterprises should look into freeware as well as new security models for protection," the researchers stated.

With millions of new samples of potentially malicious code to be examined every day, it is impossible to manually analyze every one. Most antivirus providers depend on automated threat analysis systems to allow more suspicious code to be examined determine which samples merit inclusion in antivirus software updates. The problem is that malware designers are more often engaging in tactics that allow malicious code to go undetected by those automated systems through the use of hooking techniques that allow code to remain dormant in virtual environments and evade detection.

This trend contributes to the researchers' conclusion that the majority of antivirus solutions are simply "unable to provide complete protection since they are unable to keep up with virus propagation on the Internet." While they do not advocate abandoning commercial antivirus solutions altogether, they do recommend that organizations should bolster network monitoring capabilities to better detect anomalous activities that may be an indicator of malicious intent.

"Security teams should focus on detecting abnormal behavior, such as unusually fast access speeds or large volume of downloads, and adjust their security spend on modern solutions to address today's threats," the researchers suggested.

Share this post:

You May Also Be Interested In:

Anthony M. Freed is an information security journalist and editor who has authored numerous feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets, including The New York Times, Reuters, The Register, Financial Times of London, MSNBC, Fox News, PC/IT/Computer/Tech World, eWeek, SC Magazine, CSO Magazine, Federal News Radio, The Herald-Tribune, Naked Security, and many more. Anthony was the Managing Editor of Infosec Island, an online community designed for IT and network professionals who manage security, risk and compliance issues.